Verified Commit 697b221f authored by GovanifY's avatar GovanifY

components/server/mail: init

parent 83462f10
TODO list sorted by priority:
* workflow: set up patchouli to have regular and automated backups
* updates: make autoUpgrade pull the git repo and verify navi's sig
* security: security hardening through sandboxing
* security: tor profiles and fix iana
......@@ -4,5 +4,6 @@
./monitor.nix
./chat.nix
./projects.nix
./mail.nix
];
}
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.navi.components.mail-server;
cert = config.security.acme.certs."${cfg.root_domain}".directory;
in
{
imports = [
<nixos-mailserver>
];
options.navi.components.mail-server = {
enable = mkEnableOption "Enable navi's mail server";
accounts = mkOption {
type = mailserver.loginAccounts.type;
description = ''
List of accounts and per-accounts rules for the mail server.
'';
};
domains = mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
The domains this mailserver should serve.
'';
};
root_domain = mkOption {
type = types.str;
default = "";
description = ''
The root domain this server will identify itself as when
sending and receiving mails.
'';
};
};
config = mkIf cfg.enable {
mailserver = {
enable = true;
fqdn = cfg.root_domain;
domains = cfg.domains;
certificateScheme = 1;
certificateFile = "${cert}/fullchain.pem";
keyFile = "${cert}/key.pem";
dkimSelector = config.navi.device;
dkimKeyBits = 2048;
loginAccounts = cfg.accounts;
};
navi.components.web-server = {
enable = true;
# this server is a stub that we still need to setup for acme, so we just
# make it stay up whenever and return a nice error code :)
domains."${cfg.root_domain}".return = "418";
};
};
}
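Review bot: `root_domain` defaults to `""`, so enabling the component without setting it evaluates `config.security.acme.certs.""` and `fqdn = ""` rather than reporting a missing option. Dropping `default = "";` (or adding an `assertions` entry that requires a non-empty value) would make a misconfigured host fail with a readable message. Separately, nothing visible in this file reloads the mail daemons when the ACME certificate under `${cert}` is renewed. If the web-server component does not already handle that, postfix and dovecot would presumably keep serving the old certificate until their next restart, so a `postRun` hook on that cert is worth confirming. The `accounts` option's `type = mailserver.loginAccounts.type;` also refers to `mailserver`, which is not bound by the visible argument set or `let`; please verify it resolves, for example as `options.mailserver.loginAccounts.type` with `options` added to the arguments.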